Hi,
HAProxy 2.4.15 was released on 2022/03/14. It added 26 new commits
after version 2.4.14.
This one contains more or less the same fixes than the 2.5.5, except
2.5-specific ones :
* An issue in the pass-through multiplexer leading to a connection leak on
the server side when timeout occurred during the connection
establishment. In this case, the server connection was detached from the
application stream but not closed. At this stage the connection could
only be closed by the server, if it was finally accepted, or by the
kernel, after all SYN retries. All versions as far as 2.3 are affected
by this bug.
* An issue in the master CLI. When a command was sent to a worker, the
errors, especially write errors, during the response processing were not
properly handled. The session could remain stuck if a client quickly
closed the connection before the response was fully sent. The maxconn
value of the master CLI is set 10. Thus, it could quickly be
unresponsive if this happened several times.
* A possible null deref in the htx_xfer_blks() function, when headers or
trailers were partially transferred. Concretely, it was only possible
when H2 trailers were copied from the mux to the channel buffer.
* An issue with all HTX applets. The end of a message was only reported at
the HTX level. The channel's flags were not updated accordingly. The
only known visible effect of this bug was some server aborts erroneously
reported in the stats counters.
* A theoretical risk of memleak in session_accept_fd() because of a wrong
goto label on the error path.
* An alignment issue with pool_head structure.
* Proxy mode (tcp, http, cli...) is not properly reported when
displayed. Missing "syslog" and "peers" mode can now be reported.
* "no-memory-trimming" global option was added to disable call to
malloc_trim(). Some users with very large numbers of connections have
been facing extremely long malloc_trim() calls on reload that managed to
trigger the watchdog! That's a bit counter-productive. It's even
possible that some implementations are not perfectly reliable or that
their trimming time grows quadratically with the memory used. With this
option, it is possible to disable this mechanism.
* The anti-loop protection in process_stream() was improved to only count
the no-progress calls.
Thanks everyone for your help and your contributions!
Please find the usual URLs below :
Site index : http://www.haproxy.org/
Discourse : http://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Wiki : https://github.com/haproxy/wiki/wiki
Sources : http://www.haproxy.org/download/2.4/src/
Git repository : http://git.haproxy.org/git/haproxy-2.4.git/
Git Web browsing : http://git.haproxy.org/?p=haproxy-2.4.git
Changelog : http://www.haproxy.org/download/2.4/src/CHANGELOG
Cyril's HTML doc : http://cbonte.github.io/haproxy-dconv/
---
Complete changelog :
Christian Ruppert (1):
DOC: Fix usage/examples of deprecated ACLs
Christopher Faulet (12):
BUG/MEDIUM: htx: Fix a possible null derefs in htx_xfer_blks()
REGTESTS: fix the race conditions in normalize_uri.vtc
REGTESTS: fix the race conditions in secure_memcmp.vtc
BUG/MINOR: hlua: Set conn-stream/channel EOI flags at the end of request
BUG/MINOR: stats: Set conn-stream/channel EOI flags at the end of request
BUG/MINOR: cache: Set conn-stream/channel EOI flags at the end of request
BUG/MINOR: promex: Set conn-stream/channel EOI flags at the end of request
DEBUG: cache: Update underlying buffer when loading HTX message in cache
applet
BUG/MEDIUM: mcli: Properly handle errors and timeouts during reponse
processing
DEBUG: stream: Add the missing descriptions for stream trace events
DEBUG: stream: Fix stream trace message to print response buffer state
BUG/MAJOR: mux-pt: Always destroy the backend connection on detach
Ilya Shipitsin (3):
CI: github actions: add OpenTracing builds
CI: github actions: use cache for OpenTracing
CI: github actions: use cache for SSL libs
William Lallemand (2):
BUG/MINOR: add missing modes in proxy_mode_str()
BUG/MINOR: cli: shows correct mode in "show sess"
Willy Tarreau (8):
CI: github actions: add the output of $CC -dM -E-
BUG/MINOR: pool: always align pool_heads to 64 bytes
BUG/MEDIUM: pools: fix ha_free() on area in the process of being freed
MINOR: pools: add a new global option "no-memory-trimming"
BUILD: pools: fix backport of no-memory-trimming on non-linux OS
BUG/MINOR: session: fix theoretical risk of memleak in session_accept_fd()
BUG/MINOR: stream: make the call_rate only count the no-progress calls
BUILD: tree-wide: mark a few numeric constants as explicitly long long
--
Christopher Faulet
